Microsoft is continuing its broad ongoing push to contribute to open source projects by joining the newly formed Confidential Computing Consortium, a Linux-led foundation that aims to provide better protection for data that is actually used by applications on a computer or in the cloud (as opposed to off at rest, or not in use).
Microsoft is far from alone in this endeavor, and has joined Intel in the consortium, along with the handle, Baidu, Google cloud, IBM, Little Red Riding Hood and other technology giants.
- How to speed up Ubuntu 18.04
- We have selected all the best Linux distributions
- This is the best linux app of 2019
The main goal is to promote 'confidential computing' and the use of trusted execution environments (tees) for data protection, which is actively used.
The Linux Foundation explains: “Modern approaches in cloud computing address data in storage and transmission, but data encryption is the third and arguably most difficult step towards ensuring a fully encrypted lifecycle of sensitive data.
“Confidential computing will allow encrypted data to be processed in memory without exposing it to the rest of the system and reduce exposure to sensitive data and provide more control and transparency to users.”
In other words, the operating system may be compromised by some kind of malware, but the data used by the program will still be encrypted and therefore safe from intruders.
Open Enclave
There are a number of key elements towards achieving this goal, and Microsoft, contributing to its open KFOR enclave, is an open source framework that facilitates the home (and verification) of hardware-secured trusted applications. These tee-towing applications will be able to run on multiple hardware architectures including the Intel SGX processor and TrustZone arm (and Linux and Windows on the software front).
The SGX extensions (software extension guard) SDK is an important piece of the puzzle that Intel has merged here, along with the red hat Enarx, which provides hardware independence when it comes to securing applications through tees. The latter is analogous to the open enclave, but it's not surprising that more attention is paid to Linux.
The end goal here should be better security for important data across the board, in general terms, and while the consortium and its goals obviously need to be business oriented, remember that this is often your personal data that these large processing organizations and crunch . So, in a very real way when it comes to data breaches and how often your security is at stake.
Mark Russinovich, Microsoft CTO, is delighted: “The open enclave SDK is already a popular tool for developers working on trusted execution environments, one of the most promising areas for data protection.
“We hope that this contribution to the consortium can put funds in even more developer hands and accelerate the development and adoption of programs, thus improving the reliability and security of cloud computing and the edge.”
- Check out all the best laptops of 2019
Through Volumes of hardware